Standard 1110 Organisational Independence The chief audit executive must report to a level within the organisation that allows the internal audit activity to fulfil its responsibilities. The chief audit executive must confirm to the board, at least annually, the organisational independence of the internal audit activity. Interpretation: Organisational independence is effectively achieved when the chief audit executive reports functionally to the board. Examples of functional reporting to the board involve the board: Approving the internal audit charter; Approving the risk based internal audit plan; Receiving communications from the chief audit executive on the internal audit activity's performance relative to its plan and other matters; Approving decisions regarding the appointment and removal of the chief audit executive; and Making appropriate inquiries of management and the chief audit executive to determine whether there are inappropriate scope or resource limitations. 1110.A1 The internal audit activity must be free from interference in determining the scope of internal auditing, performing work and communicating results.
The Practice Advisory gives more guidance on the recommended reporting structure and what these reporting lines would entail: Practice Advisory 1110-1 1. Support from senior management and the board assists the internal audit activity in gaining the cooperation of engagement clients and performing their work free from interference. 2. The chief audit executive (CAE), reporting functionally to the board and administratively to the organisation's chief executive officer, facilitates organisational independence. At a minimum the CAE needs to report to an individual in the organisation with sufficient authority to promote independence and to ensure broad audit coverage, adequate consideration of engagement communications, and appropriate action on engagement recommendations. 3. Functional reporting to the board typically involves the board: Approving the internal audit activity's overall charter. Approving the internal audit risk assessment and related audit plan. Receiving communications from the CAE on the results of the internal audit activities or other matters that the CAE determines are necessary, including private meetings with the CAE without management present, as well as annual confirmation of the internal audit activity's organisational independence. Approving all decisions regarding the performance evaluation, appointment, or removal of the CAE. Approving the annual compensation and salary adjustment of the CAE. Making appropriate inquiries of management and the CAE to determine whether there is audit scope or budgetary limitations that impede the ability of the internal audit activity to execute its responsibilities.
4. Administrative reporting is the reporting relationship within the organisation's management structure that facilitates the day-to-day operations of the internal audit activity. Administrative reporting typically includes:. Budgeting and management accounting.. Human resource administration, including personnel evaluations and compensation.. Internal communications and information flows.. Administration of the internal audit activity's policies and procedures. Standard: 1120 Individual Objectivity Internal auditors must have an impartial, unbiased attitude and avoid any conflict of interest. Interpretation : Conflict of interest is a situation in which an internal auditor, who is in a position of trust, has a competing professional or personal interest. Such competing interests can make it difficult to fulfil his or her duties impartially. A conflict of interest exists even if no unethical or improper act results. A conflict of interest can create an appearance of impropriety that can undermine confidence in the internal auditor, the internal audit activity, and the profession. A conflict of interest could impair an individual's ability to perform his or her duties and responsibilities objectively.
The Practice Advisory gives more guidance on what is permissible and could impair an internal audit individual s objectivity: Practice Advisory 1120-1 1. Individual objectivity means the internal auditors perform engagements in such a manner that they have an honest belief in their work product and that no significant quality compromises are made. Internal auditors are not to be placed in situations that could impair their ability to make objective professional judgements. 2. Individual objectivity involves the chief audit executive (CAE) organising staff assignments that prevent potential and actual conflict of interest and bias, periodically obtaining information from the internal audit staff concerning potential conflict of interest and bias, and, when practicable, rotating internal audit staff assignments periodically. 3. Review of internal audit work by an audit supervisor or senior results before the related engagement communications are released assists in providing reasonable assurance that the work was performed objectively. 4. The internal auditor's objectivity is not adversely affected when the auditor recommends standards of control for systems or reviews procedures before they are implemented. The auditor's objectivity is considered to be impaired if the auditor designs, installs, drafts procedures for, or operates such systems. 5. The occasional performance of non-audit work by the internal auditor, with full disclosure in the reporting process, would not necessarily impair objectivity. However, it would require careful consideration by management and the internal auditor to avoid adversely affecting the internal auditor's objectivity.
The Impairment to Independence or Objectivity Standard 1130 states that if independence or objectivity is impaired in fact or appearance, the details of the impairment must be disclosed to appropriate parties. The nature of the disclosure will depend upon the impairment. Interpretation: Impairment to organisational independence and individual objectivity may include, but is not limited to, personal conflict of interest, scope limitations, restrictions on access to records, personnel, and properties, and resource limitations, such as funding. The determination of appropriate parties to which the details of an impairment to independence or objectivity must be disclosed is dependent upon the expectations of the internal audit activity's and the chief audit executive's responsibilities to senior management and the board as described in the internal audit charter, as well as the nature of the impairment. 1130.A1 Internal auditors must refrain from assessing specific operations for which they were previously responsible. Objectivity is presumed to be impaired if an internal auditor provides assurance services for an activity for which the internal auditor had responsibility within the previous year. 1130.A2 Assurance engagements for functions over which the chief audit executive has responsibility must be overseen by a party outside the internal audit activity. 1130.C1 Internal auditors may provide consulting services relating to operations for which they had previous responsibilities. 1130. C2 If internal auditors have potential impairments to independence or objectivity relating to proposed consulting services, disclosure must be made to the engagement client prior to accepting the engagement.